Release notes
TrainingSupportCommunity
Back to All

Nov 18, 2020 — Secure DNS Forwarder availability

about 4 years ago by jacabral@akamai.com

Secure DNS Forwarder is now generally available with Security Connector 2.7.0

In addition to functioning as a DNS sinkhole, Security Connector can now act as a DNS forwarder that directs traffic to ​SIA​ for resolution. Secure DNS Forwarder detects the internal client IP address and the internal hostname of the client machine. It also protects connections to ​SIA​ with DNS over TLS (DoT).

In the Security Connector console, a new menu is now available for DNS Forwarder. You can:

  • View traffic statistics about connections that are directed from DNS Forwarder to ​SIA​.

  • View the health status of DNS Forwarder

  • Enable or disable DNS Forwarder. By default, DNS Forwarder is enabled.

  • Temporarily enable query and response logging in your enterprise for ​Akamai​ to investigate and troubleshoot an issue.

  • Change the DNS Forwarder port. By default, DNS Forwarder uses outbound TCP port 443. However, you can choose to use outbound TCP port 853.

  • Configure a local DNS server. If your organization’s corporate DNS server is not recursive and is used for internal domains only, you can configure it as a local DNS server for DNS Forwarder. This configuration sets the DNS server that you configured in the Security Connector setup as a fallback server in case ​SIA​ is not reachable. If you apply a local DNS server configuration, you can then set the Security Connector DNS name server to use the ​SIA​ DNS server IP addresses.

​SIA​ also now includes new reporting dimensions to show the internal client IP address and the internal hostname of the user’s machine.

Note these considerations:

  • When you upgrade Security Connector, the virtual machine will temporarily hop to version 2.6.9 before it upgrades to version 2.7.0. This upgrade process also restarts your virtual machine twice. Make sure you do not interrupt this upgrade process. If you find that Security Connector is stuck on version 2.6.9, contact ​Akamai​ Support.

  • If you intend to use DNS Forwarder, the virtual machine requires 4 GB of RAM and can be increased to 8 GB. If you don’t intend to use Security Connector as a DNS Forwarder, 2 GB of RAM is enough for the Security Connector virtual machine.

For more information about this update, see Security Connector as a DNS forwarder.